You are here

5 Key Differences between Accellion and Box

Posted by Hormazd Romer

Security questions stemming from Edward Snowden’s NSA revelations are continuing to concern IT leaders, who are now looking at just how much control they have over data housed in public cloud solutions. This is causing them to look more seriously at private cloud solutions for mobile file sharing, which were built for enterprises looking to have control over their sensitive business data.

With this in mind, we decided to compare our private cloud solution with Box’s public cloud solution, so IT leaders had a clear view of the differences. To really understand what Box is offering, it’s necessary to read more than feature checklists and press releases. For example, Box’s LDAP integration turns out not to support multiple-LDAP instances, and its so-called support for Enterprise Content Management requires enterprises to duplicate any ECM content they want to make available to mobile users.

Here’s a quick summary of five key differences between Accellion and Box:

Architecture. Surveys (for example, this one by ESG and this one by Research Now) show that enterprises strongly prefer private-cloud or hybrid-cloud solutions for storing and sharing confidential files. Accellion supports private clouds and hybrid clouds. Box offers only a public cloud solution. Public clouds deprive enterprises of full control over their data. For example, Box controls the encryption keys used to store enterprise data on its servers.

Compliance. Accellion supports compliance with SOX, GLBA, HIPAA, and FDA requirements, and has received FIPS 140-2 certification required for use by U.S. federal government agencies. Accellion also complies with the U.S.-EU Safe Harbor Framework and the U.S.-Swiss Safe Harbor Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information from European Union member countries and Switzerland (the “Safe Harbor Frameworks”). Accellion also meets the data sovereignty standards of European nations who mandate what region data must be stored in based on a files content or user access. Box has achieved compliance with HIPAA and HITECH obligations and is willing to sign HIPAA Business Associate Agreements (BAAs). The company has been issued an SSAE 16 Type II report and is Safe Harbor-certified. Box has not received FIPS 140-2 certification. Being a public cloud service hosted in the U.S., it cannot comply with data sovereignty and location regulations in the E.U. and in other regions outside the U.S.

Enterprises choosing Box end up with less-than-complete control and security, while assuming the operational overhead and added expense of duplicating files and undermining their strict ECM security policies. In contrast, the Accellion private-cloud solution answers the enterprise market’s need for mobile, scalable, flexible file sharing. Accellion preserves and extends existing security policies and infrastructure, rather than subverting or duplicating them.